3DS2 Adoption: How to Optimize Your Business to Meet Updated Security Standards

September 1, 2023 | 7 min read


In a Nutshell

The 3-D Secure 2.0 standard aims to reduce fraud and provide added security to online payments. Does it really work, though? Or does it merely toss additional roadblocks into an already complex payment process? Let’s find out.

The Current Perks & Pitfalls of 3DS2 Adoption: How are Things Going?

Even after years of effort from card issuers, payment processors, businesses, and regulatory authorities, the problem of card-not-present fraud keeps getting worse.

From 2022 to 2023, CNP fraud grew by nearly 10%. Although CNP transactions are still just a fraction of overall card purchases, nearly three-quarters of all credit card fraud in 2023 occurred in the CNP environment.

Many solutions have been proposed over the years to try and tackle this problem. The latest upgrade to combat this issue, a protocol called 3-D Secure 2.0, or simply 3DS2, aimed to stop fraud by more precisely identifying users.

Now that 3DS2 has become mandatory in the EU and is more commonly used in other places, however, some retailers are discovering a snag. The added security of 3DS2 might be a plus, but it also creates more hurdles for customers. In short, 3DS2 changes the equation, but doesn't necessarily solve the age-old dilemma that online businesses constantly grapple with: balancing security with convenience.


Why Comply With 3DS2?

3DS2 is a robust set of security standards designed for strong customer authentication. The standards represent an update of older, preexisting 3-D Secure protocols.


Compliance with 3DS2 is an important part of the European payment security regulations known as PSD2. The intention is twofold: not only does it curtail fraud, it also smooths out the customer experience, which was sometimes clunky and frustrating with the first version of 3DS.

The purpose of 3DS2 is to introduce real-time authentication steps for transactions that are considered risky by issuers. These measures often include biometrics, like facial recognition or fingerprint scanning, or codes sent through SMS or email. For businesses, an added perk of implementing 3DS2 is reducing chargeback liability for those particular transactions.

Improved Success Rates Since Adoption

The latest version of 3-D Secure authentication for online payments has seen a substantial uptick in global adoption. This is according to the newly released Global Payment Regulation Report from Ravelin.

The report paints a promising picture, showcasing generally favorable authentication success rates. This is a marked improvement over previous versions of 3DS technology.

Additional updates to 3DS2 since the main rollout have further refined processes and removed friction. The report found that merchants in the UK and Ireland experienced 81% and 82% success rates with 3DS versions 2.1 and 2.2, respectively. Similarly high authentication rates have been observed around the world wherever 3DS2 has been introduced.

Merchants are Anxious About 3DS2

That all sounds great. However, there's a flip side that we need to consider as well.

A significant number of merchants remain skeptical about entering a new age of smoother authentication. The report cited above went on to state that many merchants voice “serious concerns” over the potential impact of the SCA protocol on conversion rates.


In the UK and Australia, 89% of respondents said they were “slightly concerned,” “concerned,” or “very concerned” about the influence of 3DS2 on conversion. This figure rises to 93% in the US, and a whopping 97% in Germany and Spain.

Yet despite these worries, Ravelin's findings highlight consistent success in authenticating transactions via 3DS 2.1 and 2.2 worldwide. Moreover, over half of the transactions (climbing to over 60% in Europe) are described as frictionless. In other words, they’re authenticated without the customer needing to do anything directly.

The fact that 3DS authentication is now “on by default” for all online transactions in Europe puts pressure on companies. If European firms offer a subpar authentication experience, they run the risk of losing business.

Other Challenges Associated With 3DS2 Adoption

While 3DS2 aims to simplify secure transactions, it hasn't been without hitches. These hiccups directly affect businesses and customers. Sony PlayStation's website, for example, has a page dedicated to addressing authentication obstacles and payment declines. This page suggests a direct, yet highly inconvenient solution: contacting banks or card issuers.

Some luxury brands are also grappling with customer experience (CX) challenges. High-value orders often trigger additional authentication steps, sometimes leading to false declines. Luxury consumers, expecting perfection, are unforgiving and ready to take their business elsewhere if disappointed.

According to ClearSale's recent survey, 43% of shoppers spending over $400 monthly online on luxury goods had faced declines. Among them, 57% said they would avoid the website in question in the future, and 61% would publicly criticize the experience. Higher-than-average figures signify potential massive losses for upscale retailers.

3DS2 has further muddied international travel and hospitality payments. Adoption varies across countries, with different interpretations by businesses, banks, and card brands. This led to reservation issues and in-trip payment problems for travelers, a highly stressful scenario.

Other businesses face obstacles in deploying and using 3DS2. These include managing additional acquirers that can work with the protocols and dealing with missed authentication codes or challenge requests, like the issue PlayStation customers faced.

Lastly, 3DS2 isn't a foolproof defense against fraud. If criminals gain access to a victim's phone or email through account takeover fraud or a SIM swap, they can intercept 3DS2 verification codes. This would render 3DS2 verifications useless.

Best Practices Going Forward

3DS2 is a significant weapon against CNP fraud. However, it should not be one’s only line of defense. It should also not be deployed in every single case.

There are other strategies businesses can employ to mitigate risks while ensuring a superior customer experience (or “CX”). Examples include:

Keep Customers in the Loop

When an order necessitates a detailed review exceeding a short duration, alerting the customer about its status can alleviate concerns about its whereabouts. This reduces potential order cancellations and customer drop-offs while still guarding against fraud.

Applying Exemptions

Some businesses have the ability to seek exemptions in particular cases, allowing them to navigate around certain requirements. Transaction risk analysis, or “TRA,” lets merchants segment transactions by risk level and bypass 3DS2 requirements on low-risk sales.

Further exemptions might be on offer based on various factors like the business's fraud rate, its trusted beneficiary status with customers, or corporate card status. These exemptions offer some flexibility within the system, but come with their own set of rules and potential liabilities.

Implement Manual Review

Advanced real-time analysis can discern genuine fraud from legitimate customer actions that might seem suspicious.

Consider, for instance, a customer buying a pricey gift while traveling or making a substantial international purchase from an unfamiliar shop. Both actions could raise red flags, but can be easily validated through manual review. Such reviews prevent genuine fraud and avert unwarranted declines.

Harness Machine Learning

The more varied scenarios an antifraud algorithm encounters, the sharper its detection capabilities become. Over time, this minimizes the orders needing human intervention and boosts trust in the fraud detection process.

Ongoing Evaluation is Needed

Regardless of the measures you choose, regularly monitoring fraud and false decline statistics is essential.

To that end, regular analysis can spotlight evolving fraud patterns and pinpoint areas ripe for enhancement in fraud prevention and CX. This will pave the way for a system that steadily diminishes chargebacks and continually refines the customer experience.

3DS2 has been available for some time, but we’re still in the early stages of adoption. As time passes, it will be crucial to continue evaluating and to detect and address new roadblocks as they become apparent.
